Multi-factor authentication, encryption options and lock-down: these are some of the new Windows 10 features for the security of devices and data. Initial interest in the Windows 10 Technical Preview focused on the new aspects of the interface, the introduction of the Start menu and the overall look of the new operating system.
For now, those who expected revolutionary news about the graphics or features have been disappointed, but we may be reaching the stage where Microsoft unveils more substantial changes.
Yesterday, on its official blog, Microsoft reported interesting news about security and data management in Windows 10. The announcement is not yet fully reflected in the build that has been publicly available for a few days, but the topics deserve careful consideration.
The first aspect concerns the new Access Control and Identity Protection capabilities. With Windows 10, Microsoft intends to introduce authentication based on multiple factors, going beyond the more traditional approach based on user name and password. Passwords will be superseded by cryptographic keys, managed in different ways depending on whether or not the system is used in a business context. And that is not all: the access token is stored on the system in a secure environment managed through Hyper-V. To these two elements is added a further check based on a PIN, generated or managed in a manner not yet defined, or on a second device.
From the information available so far, it appears that with Windows 10 a stolen PIN cannot be used to access data: authentication would lack the hardware component that constitutes the second control element. If the device is stolen, it is instead the PIN that is missing, so in this case too authentication will not succeed. It should be noted that the authentication scheme provided by Microsoft is not proprietary, but is based on technologies common to many other online services that meet the technical specifications of the FIDO Alliance.
The second authentication element can be a smartphone or other mobile device which, when detected in the vicinity of a PC or tablet running Windows 10, does the job of the second factor. Presence detection would be done via Bluetooth or Wi-Fi and, in the example given by Microsoft, lets you use your smartphone as a wireless smartcard.
Data on the system is also protected through DLP (Data Loss Prevention), which gives IT managers the flexibility to manage corporate data and keep it separate from personal data. Different encryption policies can be defined to protect these two types of data, and the protection also extends to apps and applications, with specific settings for the use of VPN connections.
In case of theft, and in the context of enterprise solutions, Windows 10 will also offer remote device lock options: in addition to the security measures described above, it will be possible to remotely lock a specific device, potentially preventing whoever carried out the theft from accessing the data and resources of the PC. The hardware is lost, but the information it contains remains safe.
What Microsoft has reported certainly deserves further investigation once all the details are made public.